66ac1e041174906d9fdf03db7960efd2_JaffaCakes118

General

Target

66ac1e041174906d9fdf03db7960efd2_JaffaCakes118
Size

40KB
MD5

66ac1e041174906d9fdf03db7960efd2
SHA1

748f257970415231a4d979087753076643632e2f
SHA256

c186a58edd74f9daa3efa3be9d9d2c773112f5c44b16d992f33719fa7b7f34d7
SHA512

a9d73bad3ddb00f4a878bc9876a144c6280fd15741981fdb7afdcdd762161d097c7c7c1a1cca1e06aeb28f2516bd5e6def3ca2457949f701af752017a61b90f7
SSDEEP

768:OIMTxPAGa9neIjW4ZUUT1rCNyqxxl8yZSiBVo:OIY+GaB1UUT1dqxRA0o

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
66ac1e041174906d9fdf03db7960efd2_JaffaCakes118

Files

66ac1e041174906d9fdf03db7960efd2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a28fce684e25118233d4c9aa24e76aa8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetSystemDirectoryA
DeleteFileA
InitializeCriticalSection
GetEnvironmentStrings
WaitForSingleObject
GetLastError
ResumeThread
CreateThread
TlsSetValue
ExitThread
CloseHandle
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue
HeapAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetFilePointer
InterlockedDecrement
InterlockedIncrement
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetProcAddress
LoadLibraryA
SetEndOfFile
ReadFile
LCMapStringA
LCMapStringW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA

wsock32

connect
WSAStartup
socket
htons
gethostbyname
send
recv
closesocket
WSACleanup

Sections

.text
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a28fce684e25118233d4c9aa24e76aa8

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

wsock32

Sections

.text Size: 28KB - Virtual size: 24KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 9KB

.text
Size: 28KB - Virtual size: 24KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 9KB